authorMarkus Friedl <markus@cvs.openbsd.org>2001-07-25 14:35:19 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-07-25 14:35:19 +0000
commit9444a851b196cc13d41c780f8f45a06276136e05 (patch)
treefb3faebcb11082fe91142dbc5049452028180967 /usr.bin/ssh
parent9b5d0ac364b4502c9f4962efc3b9cf762eeb8a23 (diff)
cleanup connect(); connection_attempts 4 -> 1; from eivind@freebsd.org
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/readconf.c4
-rw-r--r--usr.bin/ssh/ssh.14
-rw-r--r--usr.bin/ssh/ssh.c29
-rw-r--r--usr.bin/ssh/sshconnect.c56
4 files changed, 67 insertions, 26 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 91cf4079339..b8c31bbdbda 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.83 2001/07/22 22:04:19 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.84 2001/07/25 14:35:18 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -841,7 +841,7 @@ fill_default_options(Options * options)
if (options->port == -1)
options->port = 0; /* Filled in ssh_connect. */
if (options->connection_attempts == -1)
- options->connection_attempts = 4;
+ options->connection_attempts = 1;
if (options->number_of_password_prompts == -1)
options->number_of_password_prompts = 3;
/* Selected in ssh_login(). */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index b96edeacc83..32d54c37ad9 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.123 2001/07/23 12:47:05 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.124 2001/07/25 14:35:18 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -732,7 +732,7 @@ Specifies the number of tries (one per second) to make before falling
back to rsh or exiting.
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
-The default is 4.
+The default is 1.
.It Cm EscapeChar
Sets the escape character (default:
.Ql ~ ) .
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index c3229678cbc..9bc8e4039cf 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.129 2001/07/11 16:29:59 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.130 2001/07/25 14:35:18 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -244,7 +244,7 @@ static void load_public_identity_files(void);
int
main(int ac, char **av)
{
- int i, opt, exit_status, ok;
+ int i, opt, exit_status, cerr;
u_short fwd_port, fwd_host_port;
char *p, *cp, buf[256];
struct stat st;
@@ -642,7 +642,7 @@ again:
/* Open a connection to the remote host. */
- ok = ssh_connect(host, &hostaddr, options.port,
+ cerr = ssh_connect(host, &hostaddr, options.port,
options.connection_attempts,
original_effective_uid != 0 || !options.use_privileged_port,
pw, options.proxy_command);
@@ -655,7 +655,7 @@ again:
*/
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
- if (ok && (options.rhosts_rsa_authentication ||
+ if (!cerr && (options.rhosts_rsa_authentication ||
options.hostbased_authentication)) {
sensitive_data.nkeys = 3;
sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
@@ -693,20 +693,19 @@ again:
error("Could not create directory '%.200s'.", buf);
/* Check if the connection failed, and try "rsh" if appropriate. */
- if (!ok) {
+ if (cerr) {
+ if (!options.fallback_to_rsh)
+ exit(1);
if (options.port != 0)
- log("Secure connection to %.100s on port %hu refused%.100s.",
- host, options.port,
- options.fallback_to_rsh ? "; reverting to insecure method" : "");
+ log("Secure connection to %.100s on port %hu refused; "
+ "reverting to insecure method",
+ host, options.port);
else
- log("Secure connection to %.100s refused%.100s.", host,
- options.fallback_to_rsh ? "; reverting to insecure method" : "");
+ log("Secure connection to %.100s refused; "
+ "reverting to insecure method.", host);
- if (options.fallback_to_rsh) {
- rsh_connect(host, options.user, &command);
- fatal("rsh_connect returned");
- }
- exit(1);
+ rsh_connect(host, options.user, &command);
+ fatal("rsh_connect returned");
}
/* load options.identity_files */
load_public_identity_files();
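Review bot: The new `if (cerr)` branch reverts to rsh on any non-zero return from ssh_connect(), although that function now distinguishes ECONNREFUSED from ECONNABORTED, and its comment on `full_failure` suggests that failures other than "Connection refused" are meant to block the fallback. As written, a timeout or unreachable-network error with `fallback_to_rsh` set still ends in the unencrypted rsh path, and the log line calls the failure "refused" regardless of the cause. If that reading of the intent is right, the guard should be `if (!options.fallback_to_rsh || cerr != ECONNREFUSED) exit(1);`. The two log strings also disagree on the trailing period after "insecure method". main() starts and ends outside this hunk.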
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index f182f900b1f..314de98f518 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.109 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.110 2001/07/25 14:35:18 markus Exp $");
#include <openssl/bn.h>
@@ -41,6 +41,27 @@ extern char *__progname;
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
+static const char *
+sockaddr_ntop(struct sockaddr *sa)
+{
+ void *addr;
+ static char addrbuf[INET6_ADDRSTRLEN];
+
+ switch (sa->sa_family) {
+ case AF_INET:
+ addr = &((struct sockaddr_in *)sa)->sin_addr;
+ break;
+ case AF_INET6:
+ addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
+ break;
+ default:
+ /* This case should be protected against elsewhere */
+ abort();
+ }
+ inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf));
+ return addrbuf;
+}
+
/*
* Connect to the given ssh server using a proxy command.
*/
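Review bot: The return value of inet_ntop() in sockaddr_ntop() is not checked, so on failure the function hands back whatever `addrbuf` happens to contain, which may be an empty string or the address formatted by an earlier call, and that text then appears in the connect-failure log line. Checking the result, for example `if (inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf)) == NULL) return "(unknown)";`, keeps the diagnostic from naming the wrong peer. Because the result lives in a static buffer, a comment above the function such as `/* Returns a pointer to a static buffer that the next call overwrites. */` would tell callers not to hold the pointer across calls.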
@@ -138,7 +159,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
/* Set the connection file descriptors. */
packet_set_connection(pout[0], pin[1]);
- return 1;
+ /* Indicate OK return */
+ return 0;
}
/*
@@ -208,6 +230,12 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
* second). If proxy_command is non-NULL, it specifies the command (with %h
* and %p substituted for host and port, respectively) to use to contact
* the daemon.
+ * Return values:
+ * 0 for OK
+ * ECONNREFUSED if we got a "Connection Refused" by the peer on any address
+ * ECONNABORTED if we failed without a "Connection refused"
+ * Suitable error messages for the connection failure will already have been
+ * printed.
*/
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
@@ -222,6 +250,12 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
struct addrinfo hints, *ai, *aitop;
struct linger linger;
struct servent *sp;
+ /*
+ * Did we get only other errors than "Connection refused" (which
+ * should block fallback to rsh and similar), or did we get at least
+ * one "Connection refused"?
+ */
+ int full_failure = 1;
debug("ssh_connect: getuid %u geteuid %u anon %d",
(u_int) getuid(), (u_int) geteuid(), anonymous);
@@ -252,8 +286,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
* Try to connect several times. On some machines, the first time
* will sometimes fail. In general socket code appears to behave
* quite magically on many machines.
- */
- for (attempt = 0; attempt < connection_attempts; attempt++) {
+ */
+ for (attempt = 0; ;) {
if (attempt > 0)
debug("Trying again...");
@@ -276,6 +310,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
!anonymous && geteuid() == 0,
ai->ai_family);
if (sock < 0)
+ /* Any error is already output */
continue;
/* Connect to the host. We use the user's uid in the
@@ -289,7 +324,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
restore_uid();
break;
} else {
- debug("connect: %.100s", strerror(errno));
+ if (errno == ECONNREFUSED)
+ full_failure = 0;
+ log("ssh: connect to address %s port %s: %s",
+ sockaddr_ntop(ai->ai_addr), strport,
+ strerror(errno));
restore_uid();
/*
* Close the failed socket; there appear to
@@ -304,6 +343,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
if (ai)
break; /* Successful connection. */
+ attempt++;
+ if (attempt >= connection_attempts)
+ break;
/* Sleep a moment before retrying. */
sleep(1);
}
@@ -312,7 +354,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
/* Return failure if we didn't get a successful connection. */
if (attempt >= connection_attempts)
- return 0;
+ return full_failure ? ECONNABORTED : ECONNREFUSED;
debug("Connection established.");
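Review bot: The failure test `if (attempt >= connection_attempts)` no longer matches the restructured loop when `connection_attempts` is 0 or negative. The loop header `for (attempt = 0; ;)` now always runs one pass, and a connect that succeeds leaves `attempt` at 0, so this check still returns ECONNABORTED while the socket is open and main() treats the secure connection as failed. Whether the option parser rejects such values is not visible in this diff. Clamping at function entry with `if (connection_attempts < 1) connection_attempts = 1;`, or deciding success from an explicit flag instead of the counter, would close the gap. ssh_connect() begins and ends outside this hunk.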
@@ -334,7 +376,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
/* Set the connection. */
packet_set_connection(sock, sock);
- return 1;
+ return 0;
}
/*